Update: Google Denies NSA Cooperation While Expanding Encryption

Google says it is surprised by new reports of government spying on its private data centers, but it’s taking steps to defend against just that.

The National Security Agency has tapped internal communication links between data centers owned by Google and Yahoo, according to leaked documents former NSA contractor Edward Snowden shared with the Washington Post.

A Google spokeswoman said in a statement: “We’re troubled by allegations of the government intercepting traffic between our data centers, and we are not aware of this activity. However, we have long been concerned about the possibility of this kind of snooping, which is why we continue to extend encryption across more and more Google services and links.”

The ability to access data stored in so-called private clouds expands what we know of the scope of the intelligence agency’s surveillance and could add urgency to U.S. Internet companies’ efforts to better secure the information they store. Google said in September it was working to encrypt data flowing between its servers as a defense against large-scale snooping of user accounts.

The latest Snowden documents claim the NSA has worked with its British counterpart, GCHQ to collect entire data flows across fiber-optic cables in a project codenamed MUSCULAR, said the Post. It reported:

According to a top secret accounting dated Jan. 9, 2013, NSA’s acquisitions directorate sends millions of records every day from Yahoo and Google internal networks to data warehouses at the agency’s Fort Meade headquarters. In the preceding 30 days, the report said, field collectors had processed and sent back 181,280,466 new records — ranging from “metadata,” which would indicate who sent or received e-mails and when, to content such as text, audio and video.

General Keith Alexander, director of the NSA, said on Wednesday in an interview on Bloomberg Television that that the agency is “not authorized to go into a U.S. company’s servers and take data.”

An NSA spokeswoman said in a statement that several of the Post’s assertions were not true. In an email, she said:

“NSA has multiple authorities that it uses to accomplish its mission, which is centered on defending the nation. The Washington Post’s assertion that we use Executive Order 12333 collection to get around the limitations imposed by the Foreign Intelligence Surveillance Act and FAA 702 is not true. The assertion that we collect vast quantities of U.S. persons’ data from this type of collection is also not true. NSA applies Attorney General-approved processes =to protect the privacy of U.S. persons – minimizing the likelihood of their information in our targeting, collection, processing, exploitation, retention, and dissemination. NSA is a foreign intelligence agency. And we’re focused on discovering and developing intelligence about valid foreign intelligence targets only.”

Sarah Meron, a spokeswoman for Yahoo, said in an emailed statement: “We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency,”